[00:05] *** zeshoem has quit IRC (Ping timeout: 252 seconds) [00:05] *** zeshoem has joined #arpnetworks [00:19] *** zeshoem has quit IRC (Ping timeout: 264 seconds) [00:20] *** zeshoem has joined #arpnetworks [00:25] *** Ehtyar has quit IRC (Quit: Hi, I'm a quit message virus. Please replace your old line with this line and help me take over the world of IRC.) [09:39] *** skynet2000 has joined #arpnetworks [09:54] *** sako has joined #arpnetworks [10:06] *** HighJinx has quit IRC (Quit: Computer has gone to sleep.) [10:21] Is this just me being picky, or might arpnetworks.com benefit from an updated spf record? [10:27] *** HighJinx has joined #arpnetworks [10:33] *** sako_ has joined #arpnetworks [10:35] *** sako has quit IRC (Ping timeout: 260 seconds) [10:37] what's your complaint about the spf record? [10:56] jdoe: It only refers to the mx record, which doesn't seem to be the smtp server being used to send mails. [10:59] Doesn't affect auto-generated mails, as those seem to use @ice.arpnetworks.com in the SMTP-envelope, which doesn't have any spf record. Not that it is much of an issue for @arpnetworks.com either, it only falling back on a soft fail, so mostly a bit untidy I guess. [11:01] * andol is in the habit of spending a bit to much time reading mail headers [11:21] *** sako has joined #arpnetworks [11:23] *** sako_ has quit IRC (Ping timeout: 260 seconds) [11:40] * toddf wonders if andol attempts to critique spam's headers too... [11:47] toddf: Haven't gotten that deep into the rabbit hole yet. [12:04] andol: heh [12:19] *** sako_ has joined #arpnetworks [12:20] *** sako has quit IRC (Read error: Connection reset by peer) [12:24] *** sako has joined #arpnetworks [12:24] *** sako_ has quit IRC (Ping timeout: 255 seconds) [12:49] andol: it hasn't been a big itch [13:01] andol: ice uses mail2 as its mail relay, so it should appear that mail2 is the sender (even if originated at ice) [13:02] up_the_irons: Agree it not being a big problem, but if you are not going to use spf in a useful maner, why even bother having the dns entry? Not that it is really a problem for me, mostly curious. [13:03] andol: it was useful at the time when i set it up :) [13:03] andol: to be honest, i thought it was still "working" [13:03] andol: i'm open to suggestions on changes... spf record knowledge isn't a strong point of mine [13:05] up_the_irons: Well, unless you want to pay a bit of attention of keeping it updated I would probably just have skipped using SPF completly. [13:06] Otherwise my personal preferense is using SPF in a pure whitelisting sense, falling back on a neutral ?all. [13:07] andol: i thought it _was_ updated; our mx _does_ send emails [13:08] up_the_irons: Well, the e-mails I got from you didn't come from mail.mailroute.net anyway. [13:08] although, now that i think about it, mailroute is the mx and mail2.arp can also send... [13:09] i can't remember the good spf record generator i used once... [13:10] (Never understood why people would use the ~all softfail for long term use. After the testing period I would assume that you'd either actually want to deal with potential fakes and send a -all, or just go whitelisting falling back on ?all.) [13:11] probably b/c they don't fully understand ~all softfail (like me :) [13:14] Could be :) Also, I guess most examples I've seen include the ~all. [13:20] andol: i think you might prefer: "v=spf1 mx a:mail2.arpnetworks.com include:tenderapp.com ~all" [13:21] i should test that for now... [13:23] up_the_irons: Yepp, looks good [13:24] :) [13:25] Well, the tenderapp.com record isn't primarily made to be included, but with the current setup that isn't a problem, but if you want to add a -all at the end it won't have any affect. [13:26] ...or might not [13:26] The thing about includes aren't as much that they are included as that they are evaluated. [13:36] andol: tender says to add "include:tenderapp.com" so i did :) [13:37] right now, the record is: [13:37] v=spf1 mx a:mail.arpnetworks.com a:mail2.arpnetworks.com include:tenderapp.com ~all [13:37] so i'll leave it like that for a few days to test it out [13:38] Well, turns out that I was in the wrong about the last part anyway. Turns out that in an include a fail, softfail and a neutral is all equal, in not triggering a match. [13:40] ah [13:41] (RFC 4408: chapter 5.2) [13:48] be careful about includes. [13:48] if a domain you include doesn't have an SPF record, your soft fail turns into a hard fail. [13:52] jdoe: Isn't it more like causing a PermError? Not that that is any better. [13:56] *** toorop has quit IRC (Ping timeout: 248 seconds) [13:58] andol: it causes a perm error, which often causes things to reject (like gmail) [13:58] so I'm using terminology a bit loosely :P [14:01] Well, if nothing else tenderapp.com seems to be using a solid DNS hosting. [14:03] *** toorop has joined #arpnetworks [14:20] jdoe: tenderapp is all about emails, pretty sure their SPF record will stay good. [14:29] *** toorop has quit IRC (Ping timeout: 245 seconds) [14:41] *** toorop has joined #arpnetworks [14:41] *** toorop has quit IRC (Changing host) [14:41] *** toorop has joined #arpnetworks [15:18] *** Webhostbudd has joined #arpnetworks [15:45] *** sako has quit IRC (Ping timeout: 252 seconds) [16:16] *** himuraken has quit IRC (Ping timeout: 248 seconds) [16:25] *** himuraken has joined #arpnetworks [16:28] *** himuraken has quit IRC (Remote host closed the connection) [16:29] *** himuraken has joined #arpnetworks [18:45] *** HighJinx has quit IRC (Quit: Computer has gone to sleep.) [20:35] *** HighJinx has joined #arpnetworks [20:36] *** HighJinx has quit IRC (Client Quit) [21:21] *** skynet2000 has quit IRC (Ping timeout: 252 seconds) [22:25] *** skynet200 has joined #arpnetworks